[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: EXTERNAL: Re: write permission issues with repository hosting

From: Polder, Matthew J <matthew.j.polder_at_lmco.com>
Date: Mon, 01 Nov 2010 11:36:18 -0400

Update:

We made some progress once we updated the Group property in the httpd.conf file as suggested in http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn (look up one paragraph). However, now we’re running into Issue 3437, where the rep-cache.db file is created with –rw-r--r--. Anyone have any suggestions how to get around this?

thanks,
matthew

From: Polder, Matthew J
Sent: Monday, November 01, 2010 9:53 AM
To: 'David Weintraub'
Cc: users_at_subversion.apache.org
Subject: RE: EXTERNAL: Re: write permission issues with repository hosting

David,

Thanks for your answer from your Ferrari.

We’ve considered using the http protocol locally on the unix machine hosting subversion, but then we either have to always type in our password (we’re using ldap verification) which is annoying, or store the password unencrypted locally in the .subversion/auth directory.

Our problem stems from the http process. When an import or commit is done via http, the dav directory in the repository folder becomes 775 (drwxrwxr-x) but the owner and group is daemon, not the original svn group the repository was created with, so no user in the svn group can thereafter write to the repository.

thanks,
matthew

From: David Weintraub [mailto:qazwart_at_gmail.com]
Sent: Monday, November 01, 2010 9:36 AM
To: Polder, Matthew J
Cc: users_at_subversion.apache.org
Subject: EXTERNAL: Re: write permission issues with repository hosting

On Oct 29, 2010, at 11:41 AM, "Polder, Matthew J" <matthew.j.polder_at_lmco.com<mailto:matthew.j.polder_at_lmco.com>> wrote:
We’re running Subversion 1.6.12 on a Solaris 10 machine and hosting repositories on it. Users can create and use repositories via svnadmin and svn locally on the Solaris machine via file:///<file:///\\>, or they can check in and out via TortoiseSVN 1.6.8 on their PC via the http:///<http://> protocol, with LDAP verification.
It's very simple. All files in the repository must be read/writeable to the user who is running the server side process. For the file:/// protocol, it's the user doing the checkout. For svn://,it's the user who is running svnserve. For http://, it's the user running httpd.

The files don't have to be owned by the user. For example, the user might be a member of a group with read/write access. However, when a new revision is written, the new revision will be owned by the user running the server process.

Normally, you don't use the file:/// protocol except for private repositories. Otherwise, all users can directly manipulate the source repository itself. In fact, I never use file:/// even on my private repository. It's easy enough to run svnserve on my machine.

Have the svnserve and httpd processes owned by the same user and drop file:/// access. Then chown the files to that user and set permissions on all files to 664.

--
David Weintraub
David_at_Weintraub.name<mailto:David_at_Weintraub.name>
Sent from my iPhone while riding in my Ferrari. (Jealous?)
Received on 2010-11-01 16:37:05 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.